Social Security Numbers

Security Plan

The University of Texas at Brownsville and Texas Southmost College (UTB/TSC) is committed to safeguarding its valuable information assets and protecting the privacy of those it serves. To that end, UTB/TSC develops and maintains a successful information security program that includes enforceable policies and procedures to protect privacy and safeguard UTB/TSC’s information assets.

This compilation of procedures governs the security of social security numbers (SSNs). The procedures are intended to comply with UTS165, which requires each institution to develop and implement a written security plan for records and record systems that contain SSNs.

UTS165 governs the confidentiality, integrity and availability of individuals’ SSN’s maintained by U.T. institutions. The UTS165 Security Plan shall include administrative, physical, and technical safeguards that (i) Ensure the confidentiality, integrity and availability of all SSNs U.T. institutions maintain; (ii) protect against any reasonably anticipated threats or hazards to the security or integrity of such information; and (iii) protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required by law.

To avoid unnecessary duplication of efforts, the UTS165 Security Plan is based on the Subpart C of Part 164 of the HIPAA Security Standards and leverages UTB/TSC’s ongoing efforts to consolidate all security risk assessments required to comply with institutional, state, and federal regulations.

By reference, the UTS165 Security Plan includes procedures in the UTB/TSC Acceptable Use Policy, Information Resources and Security Policy, and Information Resources Security Operations Manual. It assumes that procedures required by these documents are already being implemented.

All implementation specifications in this plan are required.

UTS165 Security Plan Implementation Specifications

I. Administrative Safeguards:

Risk Assessment: UTS165 requires each institution to establish a schedule for risk assessments and audits of systems containing SSNs.

Workforce Security

Workforce Clearance Procedure: UTS165 requires institutions to limit access to SSNs to those employees who need to see the number for the performance of their job responsibilities.

Termination Procedure: Likewise, each institution should terminate access to SSNs when employment ends or when job responsibilities do not require access to such information.

Security Incident Procedures: Institutions should implement procedures to address security incidents. Identify, report, and respond to suspected or known security incidents that threat the integrity or security of SSNs.

Contingency Plan: UTS165 require institutions to protect the security of records containing SSNs during storage. This procedure ensures that records containing SSNs are included in the following:

Data Back Up Plan

Disaster Recovery and Emergency Mode Operation Plans

Business Associates Agreements: UTS165 requires institutions to enter into a written contract with third parties when SSNs are shared.

II. Physical Safeguards

Workstation Use Procedures: UTS165 requires institutions do not store records containing SSNs on institutional or personal computers or other electronic devices that are not secured against unauthorized access. These procedures should complement those included in the UTB/TSC Acceptable Use Policy, Information Resources and Security Policy, and Information Resources Security Operations Manual.

Person or Entity Authentication: Verify that a person or entity seeking access to SSNs is the one claimed and monitor access attempts.

Transmission Security: Ensure that SSNs confidentiality and integrity are protected during transmission when SSNs are shared with other U.T. institutions or third parties acting as agents or contractors for a U.T. institution.

The University of Texas at Brownsville website uses Javascript.
Your browser either doesn't support Javascript or you have it turned
off.
To access this page as it is meant to function please use a Javascript
enabled browser.